The infrastructure in production did not match the code in Git. The Helm chart you pushed had drifted.
Infrastructure drift is silent until it breaks something. IaC drift detection prevents that break. It compares the live state of resources to the intended state in your configuration. When drift is found, it reports and blocks unexpected changes before they ship.
Deploying IaC drift detection with a Helm chart is straightforward and reproducible. Helm, the package manager for Kubernetes, lets you bundle drift detection as a chart with templates, values, and hooks. You define your desired state in values.yaml. The chart installs the drift detection service into the target cluster. On each run, it queries the current cluster state and sends results to your control system.
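The comparison a detector performs on each run, reduced to its core as an added example (not hoop.dev's code or any specific detector's): a field-level diff that checks only what the manifest declares, so server-populated fields do not raise false alarms. The function names and both sample objects are constructed for illustration.

```python
# Added example. find_drift/_named are hypothetical helpers; manifests are constructed.
def find_drift(desired, live, path=""):
    """Return (path, desired, live) for each declared field that differs live.
    Live-only fields (status, resourceVersion, server defaults) are skipped;
    extra items in a name-keyed list, e.g. an added container, are reported."""
    if isinstance(desired, dict) and isinstance(live, dict):
        drift = []
        for key, want in desired.items():
            child = f"{path}.{key}" if path else key
            if key in live:
                drift += find_drift(want, live[key], child)
            else:
                drift.append((child, want, None))
        return drift
    if _named(desired) and _named(live):
        want_by, have_by = ({i["name"]: i for i in lst} for lst in (desired, live))
        drift = []
        for name in sorted(want_by.keys() | have_by.keys()):
            child = f"{path}[{name}]"
            if name not in have_by:
                drift.append((child, want_by[name], None))
            elif name not in want_by:
                drift.append((child, None, have_by[name]))
            else:
                drift += find_drift(want_by[name], have_by[name], child)
        return drift
    return [] if desired == live else [(path, desired, live)]

def _named(value):
    """True for a non-empty list of dicts that all carry a 'name' key (containers, env)."""
    return isinstance(value, list) and bool(value) and all(
        isinstance(i, dict) and "name" in i for i in value)

DESIRED = {  # what the chart renders from values.yaml (constructed)
    "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"replicas": 3, "template": {"spec": {"containers": [
        {"name": "web", "image": "registry.example/web:1.4.2"}]}}},
}
LIVE = {  # what the API server returns after manual edits (constructed)
    "kind": "Deployment", "metadata": {"name": "web", "resourceVersion": "88123"},
    "spec": {"replicas": 5, "template": {"spec": {"containers": [
        {"name": "web", "image": "registry.example/web:hotfix", "imagePullPolicy": "Always"},
        {"name": "debug", "image": "registry.example/tools:latest"}]}}},
    "status": {"readyReplicas": 5},
}

if __name__ == "__main__":
    for path, want, have in find_drift(DESIRED, LIVE):
        print(f"DRIFT {path}: desired={want!r} live={have!r}")
```

Fields that exist only in the live object are ignored by design, so anything you want enforced must be declared explicitly in the chart.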
Start with a clean Helm chart repository. Add a drift detection container image in your deployment template. Configure the service account with read-only access (get, list, watch) to the relevant Kubernetes resources. Keep non-sensitive integration settings in ConfigMaps and credentials, such as API keys to your IaC control server, in Secrets. Set the update strategy to RollingUpdate (strategy.type on a Deployment, updateStrategy.type on a DaemonSet or StatefulSet) for zero-downtime upgrades when you patch the detector.
For automation, link the Helm chart deployment to your CI/CD pipeline. On merge, the pipeline upgrades the drift detection release in the cluster. The detector scans immediately, posting any mismatch to your pull request status. This closes the feedback loop before production changes go live.
Monitor drift reports over time. If drift appears often, investigate where manual changes are made and lock down the change path. IaC drift detection is not only reactive; it enforces discipline in infrastructure management.
You can deploy and see IaC drift detection with a Helm chart in minutes. Visit hoop.dev and run it live—catch drift before it catches you.